Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Sophisticated attackers increasingly use little or no malware to compromise and steal data from their targets, according to an alert posted by managed security services firm Dell Secureworks on Sept. 2.

Instead, in nearly every intrusion investigated by security analysts at the company in the past year, the attackers used compromised credentials to gain entry into the network and legitimate administrator tools to move from system to system, the alert stated. Attackers used little or no malware, the firm said.

“There are a lot of legitimate system tools that employees use to conduct daily operations and those same tools can be used by the adversaries,” he said. “The challenge then becomes to discern between legitimate administrator activity and the behavior of an adversary.”

Further reading

Dell Secureworks described three attacks in general terms, highlighting how an attacker does not have to use malicious software to accomplish their mission. In one case, the attackers nabbed an employee’s credentials to log into the manufacturer’s Citrix system. Because the company did not implement two-factor authentication the attackers were able to easily log into the network. The attackers also used an administration tool to distribute patches to further the compromise.

A second attack applied a similar modus operandi, using stolen Citrix credentials to log into the network and observe activities. The attackers used a central management server, which is used to distribute antivirus updates, to push malware to the endpoints.

These sorts of attacks are not new. They harken back to the early days of computer hacking. In the 1980s, most hackers found ways into systems and networks using stolen or cracked credentials. Once inside the network, they used administrator tools or exploits to accomplish their goals.

More recently, Dell Secureworks warned in May for companies to be on the lookout for attackers using stolen credentials to break into networks and existing administrator tools to move from machine to machine. Since the intruders used only the tools they could find locally, and eschewed malware, Dell Secureworks researchers termed the technique “living off the land.”

An attack on a pharmaceutical maker, the third case highlighted by Dell Secureworks, used no malware. Initially, the attacker convinced a single employee to enter in their network credentials by posing as the company’s IT department. Within a few hours, the attackers had access to the company’s virtual private network and parlayed that into broader access to the network.

“They sent a phishing message to twelve different users and one fell for it,” Dell Secureworks’ Burdette said. “One person fell for it and that is all that it took.”

Companies should use two-factor authentication to limit access to employees and make user credentials less useful to attackers, Dell Secureworks advised. Any privileged user account should be audited regularly and valuable intellectual property identified and then closely monitored.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.